Park City Mountain Resort Nov 1, 2014 - Apr 2015
Marketing Research
Intermountain Medical Nov 1, 2014 - Apr 2015
Registrar
Cemdevco Feb 2014 - Jul 2014
Project Manager
Snow Country Dental Jun 2013 - Feb 2014
Patient Relations Coordinator
Peace House, Inc. Aug 2012 - Jul 2013
Shelter Advocate
Education:
University of Washington 2011 - 2012
University of Portland 2002 - 2007
Skills:
Customer Service, Customer Relations, Fundraising, Non Profits, Healthcare, Outdoor Recreation
Interests:
Interior Design, Skiing, Outdoors, Art, Landscape Design, Architecture
Jamie Hunter - Bothell WA, US; Paul England - Bellevue WA, US; Russell Humphries - Redmond WA, US; Stefan Thom - Snohomish WA, US; Kenneth D. Ray - Seattle WA, US; Jonathan Schwartz - Kirkland WA, US
Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.
Systems And Methods For Controlling Access To Data On A Computer With A Secure Boot Process
Jamie Hunter - Bothell WA, US; Paul England - Bellevue WA, US; Russell Humphries - Redmond WA, US; Stefan Thom - Snohomish WA, US; Kenneth D. Ray - Seattle WA, US; Jonathan Schwartz - Kirkland WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 12/14
US Classification:
713192, 726 34
Abstract:
Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using such secret becomes inaccessible.
System And Method For Protected Operating System Boot Using State Validation
Bryan Mark Willman - Kirkland WA, US; Paul England - Bellevue WA, US; Kenneth D. Ray - Seattle WA, US; Jamie Hunter - Bothell WA, US; Lonnie Dean McMichael - Redmond WA, US; Derek Norman LaSalle - Redmond WA, US; Pierre Jacomet - Sammamish WA, US; Mark Eliot Paley - Sammamish WA, US; Thekkthalackal Varugis Kurien - Sammamish WA, US; David B. Cross - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 9/00
US Classification:
713 2, 713161, 713165, 713172
Abstract:
A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provide it to the loader.
Systems And Methods For Securely Booting A Computer With A Trusted Processing Module
Jamie Hunter - Bothell WA, US; Paul England - Bellevue WA, US; Russell Humphries - Redmond WA, US; Stefan Thom - Snohomish WA, US; Kenneth D Ray - Seattle WA, US; Jonathan Schwartz - Kirkland WA, US
In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result can be placed in a PCR. The PCRs may then be compared. If they do not match, access to an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.
Systems And Methods For Updating A Secure Boot Process On A Computer With A Hardware Security Module
Jamie Hunter - Bothell WA, US; Paul England - Bellevue WA, US; Russell Humphries - Redmond WA, US; Stefan Thom - Snohomish WA, US; Kenneth D. Ray - Seattle WA, US; Jonathan Schwartz - Kirkland WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
H04L 9/32
US Classification:
713193
Abstract:
Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.
Carl M. Ellison - Seattle WA, US; Jamie Hunter - Bothell WA, US; Kenneth D. Ray - Seattle WA, US; Niels T. Ferguson - Redmond WA, US; Philip J. Lafornara - Bellevue WA, US; Russell Humphries - Redmond WA, US
Assignee:
Microsoft Corporation - Redmond WA
International Classification:
G06F 12/14
US Classification:
713193, 713189, 726 26, 726 27, 726 31
Abstract:
Access to a storage device, such as a disk, is controlled by performing a disk operation using a single cryptographic engine. Keys associated with each layer of a layered structure associated with controlling access to the storage device are combined. The resultant of this combination is used as the key to the cryptographic engine. Data to be retrieved from and written to the storage device are operated on by the cryptographic engine utilizing the combined key. Keys are combined by combining functions associated with layers of the layered structure. A combining function can include an exclusive or function, a cryptographic hash function, or a combination thereof.
Jason Cobb - Sammamish WA, US; James Cavalaris - Kirkland WA, US; Santosh Jodh - Sammamish WA, US; Jamie Hunter - Bothell WA, US; Lonny McMichael - Redmond WA, US
International Classification:
G06F007/00
US Classification:
707001000
Abstract:
A method and system for avoiding the overwriting of drivers by subsequent versions or other commonly named drivers includes generating a unique identity for every eligible driver package. Driver files from the driver package, or the entire driver package itself, are then installed in a subdirectory location in a common storage based on the unique identity. The driver files may be loaded to a memory from the subdirectory location. Thus, multiple driver packages and driver files having the same name may be installed and loaded side-by-side.
I am a very experienced hairstylist that works with every type of hair. I am creative and strive to give lots of information to care for and maintain your beautiful hair and skin. I also am passionate...
Tagline:
Hair/ make up artist and Avon Rep!
Jamie Hunter
Work:
The Social Practice - Avid Listener (2011)
About:
Headphones in the sun. Staring at the stars. Snow, water, and mostly late.